General

  • Target

    NJ en lo que regresa.vbs

  • Size

    484KB

  • Sample

    220106-n2a8jsbbh8

  • MD5

    cfe8083b99457520d371e972f4d340a9

  • SHA1

    e11e37e2b04513bc50632265e4b81b24209ddd04

  • SHA256

    9932a9c3c258842f413e5866e866cf504affb707fbb37fcf02506c54e40f1f21

  • SHA512

    021c64c5762b6a75ee9fcabbe33656c49a259f427e94f754e53c31b20a5f2033ec925b114558cdd7ed34477e471a0850eafd8c046dee2961e47a236c2bbd6a64

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://149.56.200.165/dll/3.txt

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

venomsi.mypsx.net:81

Mutex

4c6c9a1bbdc34e6ebe

Attributes
  • reg_key

    4c6c9a1bbdc34e6ebe

  • splitter

    @!#&^%$

Targets

    • Target

      NJ en lo que regresa.vbs

    • Size

      484KB

    • MD5

      cfe8083b99457520d371e972f4d340a9

    • SHA1

      e11e37e2b04513bc50632265e4b81b24209ddd04

    • SHA256

      9932a9c3c258842f413e5866e866cf504affb707fbb37fcf02506c54e40f1f21

    • SHA512

      021c64c5762b6a75ee9fcabbe33656c49a259f427e94f754e53c31b20a5f2033ec925b114558cdd7ed34477e471a0850eafd8c046dee2961e47a236c2bbd6a64

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Blocklisted process makes network request

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks